﻿<?php
session_start();
require 'Conn.php';
$username = $_POST['passname'];
$pwd  = $_POST['password'];
If ($username == ""||$pwd == "")
{
	echo "<Script>alert('请输入您的用户名或密码！');history.go(-1);</Script>";
	exit;
}
Else
{
	$user=mysql_real_escape_string($username);
	$sql = "Select * From userifo Where username='$user'";
	$result = mysql_query($sql) or die('Query failed: ' . mysql_error()); 
	$row=mysql_fetch_array($result,MYSQL_ASSOC);						
	If ($row===FALSE)
	{
		echo "<Script>alert('用户名错误，请重新输入！');history.go(-1);</Script>";
		exit;
	}		
	Else
	    if  ($row['pwd'] == $pwd)
	    {
	        $_SESSION['username']=$username;
	        echo $_SESSION['username'];
	        date_default_timezone_set('PRC');
	        $sql='UPDATE userifo SET lastlogin='.date('Y-m-d').'WHERE username='.$user;
			mysql_query($sql,$Conn);			
		    header('Location:index.php');
		    exit;
	    }
	    Else
	    {
		    echo "<Script>alert('密码错误，请重新输入！');history.go(-1);</Script>";
		    exit;
	    }
}	
?>

